Privacy & data

Protected customer data

Safety Label is Level 0: it works only with your product catalog and theme to collect and display GPSR safety data. It never reads orders, customers, or checkouts.

PCD LEVEL 0

What Safety Label accesses

read_products

Product titles, descriptions and existing safety metafields — used to audit GPSR completeness and to ground AI drafts in your own product text.

write_products

Writes the safety data you enter or approve back to the product's safetylabel metafields. Every write is snapshotted and reversible.

read_metaobjects / write_metaobjects

Stores reusable manufacturer / EU-Responsible-Person records so you can attach one entity to many products without retyping.

read_themes

Detects whether the Safety Label theme app-embed is enabled, so we can show an honest "displayed on storefront ✓" instead of guessing. Read-only.

What Safety Label never accesses

Orders, customers, checkouts, or any personally identifiable customer data. Safety Label does not request read_orders, read_customers or related scopes — it is structurally unable to read them.

How your data is handled

  • Zero-retention AI: when you use AI auto-fill, your product text is sent to the model to draft safety fields and is never logged or retained; only coarse, non-content metadata (token counts, latency) is recorded.
  • Grounded extraction: AI drafts are constrained to text found in your own product data — the app discards any value it cannot ground in your source.
  • Encrypted at rest: Shopify access tokens are stored with AES-256-GCM encryption.
  • Deleted on uninstall: on app uninstall and on a Shopify shop-redaction request, all of your data is removed.

Honesty

The GPSR compliance score measures how complete your product's safety data is against the required fields — it is not legal advice or a determination that a product is compliant or safe. You are responsible for the accuracy of the data you enter.